2 clients cannot play the same game / play on the same server

Currently I'm using an Edge Router from UBNT, but because of FQ_CoDel I want to switch to PfSense as the ERX tops out at 100Mbps with FQ_CoDel enabled.

With an Edge Router, 2 clients can play the same game at the same time and even join the same server together.

That the game clients use the same ports is not an issue, as the EdgeOS takes care of that.
Take a look at the automatically generated rules below - this example shows 2 clients playing Warframe at the same time, using the default ports.

Note how the ports 4950 and 4955 get incremented by "1" as otherwise both clients would use 4950&4955.

So with an EdgeRouter you just enable UPnP2 & NAT-PMP and you are done!!!

NAT-Status is open

2 (or more) clients can play the same game at the same time

2 (or more) clients can play the same game on the same server at the same time

My experience in PfSense so far has been very different or, better said, frustrating.

I enabled UPnP and NAT-PMP, thinking this would work like in EdgeOS: But that did not resolve the "Strict NAT" issue on consoles. And games like Warframe still did not work at all due to "Strict NAT" even though UPnP is enabled and rules were added!?!? (other games that use peer-2-peer or the client hosted network model have issues as well i.e. Black Ops 4, Ghost Recon Wildlands).

Then I created the suggested "Static Port NAT" rule: This resulted in an "Open NAT Status" on the PS4 and XB1, and Warframe worked as well.

HOWEVER

With UPNP/NAT-PMP enabled, as well as the "Static Port NAT" rule in place for each client (remember this was required to get an OPEN Nat Status on my consoles, and for games like Warframe to work at all), I faced a new issue.

2 clients cannot play the same game at the same time (which seems logical as PfSense no longer randomises the Source Port now)

Apex Legends:

2 players cannot play the game together / on the same server. One gets disconnected from the lobby as soon as the match is about to begin. However players can play the game alone, on different servers. If I disable the "Static Port NAT" rule, then both players can play the game, even on the same server! But I can't constantly enable/disable the "Static Port NAT" rules depending on the game we play (remember, other games need the "Static Port NAT" rule). O.o

Battlefield V:

2 Players can't play the game at the same time - at all! The 2nd player won't see the ping to the servers, nor can he connect to ANY server. If I disable the "Static Port NAT" rule, then both players can play the game, even on the same server. But friend invites still don't work! Also I can't constantly enable/disable the "Static Port NAT" rules depending on the game we play (remember, other games need the "Static Port NAT" rule). O.o

Warframe:

Players can't play the game at the same time - at all! Both UPnP and the "Static Port NAT" rule are required for the game to function, so you can't turn off either. Only solution is to change the ports used by one client (luckily you can do this in the options menu of Warframe - then again, I don't have to do this on the Edge Router)

As I said, with the Edge Router I do not have any of these issues!

QUESTION:
So, am I missing something or is it really impossible to get PfSense to work like the EdgeRouter, where I configure it once and then it "just works", no matter which game we play and how many clients are playing it?

I mean, I really can't enable/disable the "Static Port NAT" rule all the time depending on which game we play.

It seems that all the issues boil down to how UPnP is implemented in PfSense - which simply does not provide the same functionality as UPnP provides in literally any other router.

I now switched to Untangle - it does not suffer from any of these issues and provides a few nice additional features, which help to even prevent steam and bittorrent for preventing minor ping spikes that FQ_CoDel alone can't prevent due to the many sessions these open.

I agree, it would appear through my basic research (reading lots of forums) and my testing of various firewalls that implement UPnP using miniupnpd suffer this same problem.

Taking the advice of @solidservo I tried the alternative that was suggested and both consoles connect to the games immediately. The same level of UPnP access controls are provided. It looks like there is some handshaking incompatibility between the consoles and the UPnP implementation when negotiating over a port conflict.

I don't find the alternative firewall as user friendly but it solves a critical problem for our household.

I had the same issue with many games (Warframe, Red Dead Online, Destiny 2) on Xbox.

The tip is to check Static Port for the 1st console (Menu NAT Outbound) and don't check Static Port for the second.
The second Xbox will appear with NAT Strict but you can invite and play together in Warframe for example.
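
Added example, not part of the thread and not pfSense, EdgeOS or miniupnpd code: a simplified Python model of the behaviour the posts describe, showing why two clients with a "Static Port" rule collide on the same server, why enabling it for only one console avoids that, and how a UPnP table can either reject or increment a conflicting port. The class, the addresses and the `on_conflict` modes are assumptions made for illustration.

```python
import random

class Nat:
    """Toy outbound NAT plus UPnP table (simplified model, not pf or miniupnpd code)."""

    def __init__(self, static_hosts=(), seed=0):
        self.static_hosts = set(static_hosts)  # LAN IPs with a "Static Port" rule
        self.states = {}    # (ext_port, dst) -> (lan_ip, src_port)
        self.upnp = {}      # ext_port -> (lan_ip, int_port)
        self.rng = random.Random(seed)

    def outbound(self, lan_ip, src_port, dst):
        """Return the external source port, or None if the state cannot be created."""
        if lan_ip in self.static_hosts:
            ext = src_port                       # source port preserved
            owner = self.states.get((ext, dst))
            if owner not in (None, (lan_ip, src_port)):
                return None                      # same port + same server: collision
        else:
            ext = self.rng.randint(1024, 65535)  # source port rewritten
            while (ext, dst) in self.states:
                ext = self.rng.randint(1024, 65535)
        self.states[(ext, dst)] = (lan_ip, src_port)
        return ext

    def upnp_map(self, lan_ip, port, on_conflict="reject"):
        """Request an inbound mapping; on_conflict is 'reject' or 'next_free'."""
        ext = port
        while ext in self.upnp and self.upnp[ext] != (lan_ip, port):
            if on_conflict == "reject":
                return None
            ext += 1                             # 4950 -> 4951, as in the first post
        self.upnp[ext] = (lan_ip, port)
        return ext

def demo():
    a, b = "192.168.1.10", "192.168.1.11"        # constructed LAN addresses
    server = ("203.0.113.5", 4950)               # constructed game server
    both = Nat(static_hosts=[a, b])
    one = Nat(static_hosts=[a])
    return {
        "both_static_same_server": (both.outbound(a, 4950, server), both.outbound(b, 4950, server)),
        "both_static_other_server": both.outbound(b, 4950, ("203.0.113.9", 4950)),
        "one_static": (one.outbound(a, 4950, server), one.outbound(b, 4950, server)),
        "upnp_reject": (both.upnp_map(a, 4950), both.upnp_map(b, 4950)),
        "upnp_next_free": one.upnp_map(a, 4950) and one.upnp_map(b, 4950, "next_free"),
    }
```
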
